The US EMV liability shift will come to ATMs this fall — on October 1, ATM manufacturers will assume financial liability for fraudulent transactions from chip-enabled MasterCards, with Visa to follow suit in 2017.

This follows the liability shift for payment cards and in-store point-of-sale (POS) terminals, which occurred last October. But the transition to EMV-compliant ATMs, particularly for non-bank ATM operators, is occurring slowly, according to the Chicago Tribune. For context, roughly 35% of US ATMs will be upgraded by October, according to the Chicago Tribune.

The expense of upgrading ATMs is likely keeping that number down. Each ATM costs between $300 and $3,000 to upgrade, and once upgraded, needs to be cleaned for an additional cost on a regular basis. For context, the migration would cost roughly $4 million for a company like FAM ATM, which has 8,000 ATMs in its fleet. That’s more than the company’s annual earnings before taxes, according to the Chicago Tribune.

That investment isn’t worth it for most ATM operators, likely for a few key reasons:

ATM use is declining. North America was the only region that did not see growth in the total volume of ATM withdrawals in 2014, according to data from RBR published byFinextra. Less frequent ATM usage means lower profits and less expendable income for operators.

Among consumers that do use ATMs, many don’t have EMV debit cards yet. At the end of March, just 30% of Visa debit cards contained chips, compared to 47% of Visa credit cards. That means that the majority of consumers using debit cards to access ATMs won’t be able to take advantage of an upgraded ATM for several years.

The first ATM liability shift will cover a smaller network of chip cards. MasterCard counted 183 million US debit cards, compared to Visa’s 484 million, at the end of 2015. That means that it’s more likely that EMV-compliant debit users will have a Visa than a MasterCard, which leaves ATM operators responsible for fraud costs on a low number of cards through 2017. Limited exposure to counterfeit fraud liability leaves ATM operators with little incentive to upgrade.

The slow upgrade could result in an increase of already sky-high ATM fraud. A FICO study found that the number of compromised ATMs in the US rose 546% from 2014 to 2015. Much of that increase is due to a lag in the debit and ATM EMV migration, meaning that ongoing delays could amplify ATM fraud.

Fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion just one year earlier. To solve the card fraud problem across in-store, online, and mobile payments, payment companies and merchants are implementing new payment protocols that could finally help mitigate fraud.

John Heggestuen, senior research analyst for BI Intelligence, Business Insider's premium research service, has compiled a detailed report on payment security that looks at how the dynamics of fraud are shifting across in-store and online channels and explains the top new types of security that are gaining traction across each of these channels, including on Apple Pay.

Here are some of the key takeaways from the report:

EMV cards are being rolled out with an embedded microchip for added security. The microchip carries out real-time risk assessments on a person's card purchase activity based on the card user's profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.

To bolster security throughout the payments chain encryption of payments data is being widely implemented. Encryption degrades valuable data by using an algorithm to translate card numbers into new values. This makes it difficult for fraudsters to harvest the payments data for use in future transactions.

Point-to-point encryption is the most tightly defined form of payments encryption. In this scheme, sensitive payment data is encrypted from the point of capture at the payments terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions in stores and online.

Tokenization increases the security of transactions made online and in stores. Tokenization schemes assign a random value to payment data, making it effectively impossible for hackers to access the sensitive data from the token itself. Tokens are often "multiuse," meaning merchants don't have to force consumers to re-enter their payment details. Apple Pay uses an emerging form of tokenization.

3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to tell whether the person using card data is actually the cardholder. 3D Secure adds a level of user authentication by requiring the customer to enter a passcode or biometric data in addition to payment data to complete a transaction online. Merchants who implement 3D Secure risk higher shopping-cart abandonment.

In full, the report:

Assesses the fraud cost to US retailers and how that fraud is expected to shift in coming years

Provides 5 high-level explanations of the top payment security protocols

Includes 7 infographics illustrating what the transaction flow looks like when each type of security is implemented.

Analyzes the strengths and weakness of each payment security protocol and the reasons why particular protocols are being put in place at different types of merchants.

To get your copy of this invaluable guide, choose one of these options:

Subscribe to an ALL-ACCESS Membership with BI Intelligence and gain immediate access to this report AND over 100 other expertly researched deep-dive reports, subscriptions to all of our daily newsletters, and much more. >> START A MEMBERSHIP

Purchase the report and download it immediately from our research store. >> BUY THE REPORT

The choice is yours. But however you decide to acquire this report, you’ve given yourself a powerful advantage in your understanding of payments security.